BEGIN ARTICLE PREVIEW:
True bills itself as the social networking app that will “protect your privacy.” But a security lapse left one of its servers exposed — and spilling private user data to the internet for anyone to find.
The app was launched in 2017 by Hello Mobile, a little-known virtual cell carrier that piggybacks off T-Mobile’s network. True’s website says it has raised $14 million in seed funding, and claimed more than half a million users shortly after its launch.
But a dashboard for one of the app’s databases was exposed to the internet without a password, allowing anyone to read, browse and search the database — including private user data.
Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the exposed dashboard and provided details to TechCrunch. Data provided by BinaryEdge, a search engine for exposed databases and devices, showed the dashboard was exposed since at least early September.
More on Extra Crunch
After we reached out, True pulled the dashboard offline.
Bret Cox, chief executive at True, confirmed the security lapse but did not answer our specific questions, including if the company planned to inform users of the security lapse or if it planned to disclose the incident to …
END ARTICLE PREVIEW